
Re: Home laptops on a corporate network

Subject: Re: Home laptops on a corporate network
Date: Thu, 10 May 2007 01:36:51 -0400
Hi all -

I have a client who wants to allow employees to use their own laptops on
the corp. wireless network so that they can access files on the server.
I gave them a run-down of options (allow usual file sharing [bad idea],
MS VPN quarantine [complex scripting], SharePoint services [not bad, but
no printer access] and third party quarantine options).

Aside from any other ideas someone may have, it seems to me that the
third party compliance software/appliance, while probably being the most
versatile, is pretty costly. I found a couple starting at about $20K.
Does anybody know of any devices that are significantly cheaper and can
allow my client to do what they want? I should mention that they are
bound by HIPAA regulations here. Or any approaches I haven't thought of?

Thanks for the input.

Adam

Adam J. Rosen
President
Buffalo Data Solutions
716-913-6312
ajrosen@buffdata.com
http://www.buffdata.com

Hi,

Given the limited details on what such a system needs to be able to
provide users of "home" laptops, I would go for a totally complete
and separate network from the corporate wireless LAN with pinholes to
a Citrix/MS Terminal Services server in a DMZ which would provide the
"services" needed by "home" laptops.

As for NAC, which was mentioned, it just seems to be the latest snake
oil being offered by security vendors to uninformed security
executives.  I recently easily bypassed a NAC on a Juniper box in under
30 minutes by changing a few registry keys on my Windows client.  And
at Blackhat Europe researchers recently revealed a flaw in Cisco's
offering in the NAC space:
http://www.net-security.org/article.php?id=1001  NAC probably has a
role in a multi-layer defense in depth network security policy.
However, that said, I would not rely on NAC solutions too heavily.

Just my 2 cents.........

Cheers.

--Rob
